Msanft

**Name of the Vulnerable Software and Affected Versions** Soft Serve versions prior to 0.10.0 **Description** Soft Serve is a self-hostable Git server for the command line. The SSH API allows attackers to create or override arbitrary files with uncontrolled data using the `--output` variable. **Recommendations** Update to version 0.10.0.

**Name of the Vulnerable Software and Affected Versions** ViewVC versions 1.1.0 through 1.1.31 ViewVC versions 1.2.0 through 1.2.3 **Description** ViewVC is a browser interface for CVS and Subversion version control repositories. The `standalone.py` script within the ViewVC distribution can expose the contents of the host server's filesystem through a directory traversal attack. **Recommendations** Update to ViewVC version 1.1.31 or later. Update to ViewVC version 1.2.4 or later.